99 is the user nobody, so it has to be installed under the wrong user (nobody) if that is the error you are receiving.

Go to /var/cpanel/userdata/nobody to see if the cert is there by domain.com_SSL (domain.com being your domain's name) name. If it is, then move it to /var/cpanel/userdata/user (where user is the cPanel username of the right user). Open up the domain.com_SSL file and change the following in that file:

Just so I'm clear, WHM forces you to install ssl certs as nobody as a security measure, which breaks ssl on that vhost, and the fix is to change everything back to user, thus circumventing the security?

Pardon me for being picky, but is this the official method for installing ssl in a vhost?

An SSL certificate should only be installed on the nobody user if it is meant to be a shared certificate. Normally, an SSL certificate should be installed for the account user that owns the domain for which the certificate was generated.

That worked. The interesting this is that WHM said I couldn't install it unless I installed it as the nobody user, but in SSH all I did was follow the steps you laid out, and it worked like a charm, but then I had the issue with a second site, and all I did the second time around was assign that user his own IP, and the problem was solved that way too. =0)

Staff Member

Correct, any SSL installed onto the main shared IP will only be installed as the user nobody via WHM, so if you are using that main shared IP for an account, you'd first have to install as nobody in WHM, then go into root SSH and do the steps I had noted (Miraenda user is my non-staff account).

If you do not want to go through such a hassle, simply install a dedicated IP onto the account getting the SSL, then you can install the SSL using WHM onto the user's account rather than using the user nobody.

When I remove the sub.domain.com_SSL file from /var/cpanel/userdata/user and try again, the rebuilding is fine. The account is owned by root and uses the shared ip from WHM and the certificate was installed in WHM.

Staff Member

I don't see anything there that would really cause this issue. Could you try opening up a ticket so we can check into this further? WHM > Support Center > Contact cPanel or the link in my signature are the methods you can use to submit a ticket. Thanks!

99 is the user nobody, so it has to be installed under the wrong user (nobody) if that is the error you are receiving.

Go to /var/cpanel/userdata/nobody to see if the cert is there by domain.com_SSL (domain.com being your domain's name) name. If it is, then move it to /var/cpanel/userdata/user (where user is the cPanel username of the right user). Open up the domain.com_SSL file and change the following in that file:

Replacing user with the username for each one. Of note, these are not the only lines in the file, they are just the lines you need to change in that file.

If the account is a reseller and not owned by root, you will also need to change owner: root to owner: user.

Please also check the ip: field has the right IP listed.

After making all the changes, then run these commands to rebuild Apache with the new entries and get it restarted:

Code:

/scripts/rebuildhttpdconf
/etc/init.d/httpd restart

Click to expand...

Alright, so now it's 2012 and you still can't just create your un-signed ssl in whm and assign it to a cpanel user account (with static IP) without doing these steps? WHM still forces you to use 'nobody' instead of the user in which it's intended for or am I doing something wrong? I don't understand why?